On Mon, 20 Jun 2016 10:46:57 +0530 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
A quick update to an old thread.
http://krebsonsecurity.com/2016/06/fbi-raids-spammer-outed-by-krebsonsecurit...
to also add my 1c - 7 of the top ten spammers on the planet is from the USA https://www.spamhaus.org/statistics/spammers/ And currently the only spam getting through my new anti spam system is from Google, Hotmail, Outlook - huge US multi nationals and large email houses like Mimecast - that sends emails for Governments and also sends spam. The email abuse problem is a very simple and easy one to solve. Whomever sends or transmits spam must be blocked - until they have confirmed that there users infections, etc have been cleaned and/or they have reclaimed their IP ranges. I received my first email spam in 1988 and since then I have lived through so very very many opinions, systems, reading users emails to "predict" if what they are sending is spam or not and all sorts of fancy things. But the bottom line is that if people accept responsibility for what they transmit and if they maintain their networks and email sever IP numbers - there simply is no spam problem that cannot be solved. We make the email abuse problem complex ourselves by refusing to educate lazy users and to constantly try to fix the spam problem with spaghetti Current Spam Solutions = Spaghetti (or quicksand? and imnsho costs/wastes lots of money, resources and energy) Andre
—srs
On 07-Nov-2014, at 12:54 AM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <8F1040D0-94EA-47DC-97DD-027F186F2B12@nickshorey.com>, Nick Shorey <nick@nickshorey.com> wrote:
These are really interesting discussions so please keep me updated on progress against these rogue ASNs.
Progress??
I'll give you an update, but it hardly represents anything that could be called ``progress''.
As of today, AS201640 is still squatting on these same 11 routes:
36.0.56.0/21 41.92.206.0/23 41.198.80.0/20 41.198.224.0/20 61.242.128.0/19 119.227.224.0/19 123.29.96.0/19 177.22.117.0/24 177.46.48.0/22 187.189.158.0/23 202.39.112.0/20
If you check back in a month or two, perhaps one or more of the networks that provides connectivity to AS201640's upstream, i.e. AS200002, may have finally taken its head out of its ass and done something about this ridiculously blatant case, but I wouldn't hold my breath if I were you.
Regards, rfg
P.S. Of course, it would be Nice if RIPE NCC eventually terminated the registration of AS201640. I think that's their only reasonable course of action, long term. But as is often noted, they are not the routing police, and even if they did so today or tomorrow, there would still be all these bogus route announcements being propagated to the far corners of the earth. The announcements would all then just be attached to an AS number that isn't in the RIPE DB anymore. But as far as I know, the announcements would still flow anyway. (I feel sure that somebody here will correct me if I'm wrong about that.)
Its the network operators who need to put a stop to this over-the-top ludicrous situation. And so far, not a single one is stepping up to do that.